PT-2026-48226

Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this...

Dell Inventory Collector Client 安全漏洞

Dell Inventory Collector Client is a terminal asset inventory tool developed by the American company Dell. Versions of Dell Inventory Collector Client prior to version 13.8.0 contained security vulnerabilities. These vulnerabilities were caused by improper link resolution before file access, whic...

PT-2026-48148

Dell/Alienware Purchased Apps, versions prior to 1.1.32.0, contain an Improper Link Resolution Before File Access 'Link Following' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write...

PT-2026-48281

Name of the Vulnerable Software and Affected Versions c2pa-web versions prior to 0.7.1 c2pa-v versions prior to 0.80.1 Description An improper limitation of a pathname to a restricted directory, known as Path Traversal, allows for an arbitrary file system write. This issue enables an attacker to...

CVE-2026-36726

An arbitrary file deletion vulnerability in the /api/delete-temp-license/file endpoint of bookcars v8.3 allows unauthenticated attackers to delete arbitrary files via supplying directory traversal sequences...

PT-2026-47773

Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the albid parameter. Attackers can send requests to macdownload.php with directory traversal sequences to access sensitive files like wp-load.php outside...

bookcars 安全漏洞

BookCars is a car rental management platform developed by Akram El Assas. Version 8.3 of BookCars contains a security vulnerability. This vulnerability stems from the/api/create-car-image component, which has a vulnerability related to arbitrary file uploads. This could allow attackers to execute...

PT-2026-48224

Name of the Vulnerable Software and Affected Versions Dreamweaver Desktop versions prior to 21.8 Description An improper access control issue allows for arbitrary file system read, enabling an attacker to access sensitive files and directories outside the intended access scope. Exploitation...

CVE-2026-36723

An unrestricted file rename vulnerability in the /api/create-user component of bookcars v8.3 allows authenticated attackers to leverage directory traversal sequences to move arbitrary files from temporary storage to arbitrary locations on the server filesystem. This enables unauthorized access to...

CVE-2026-36722

An authenticated arbitrary file upload vulnerability in the /api/create-car-image component of bookcars v8.3 allows attackers to execute arbitrary code via uploading a crafted file...

PT-2026-47798

The Electron preload script in Logseq exposes an API method that allows the renderer process to invoke IPC handlers without proper path validation. An attacker with JavaScript execution in the renderer e.g. via XSS or a malicious plugin, can read, write, or delete arbitrary files on the user's...

PT-2026-48275

Name of the Vulnerable Software and Affected Versions ColdFusion versions 2023.19 and earlier ColdFusion versions 2025.8 and earlier Description An Improper Restriction of XML External Entity Reference XXE allows arbitrary file system read. This issue enables an attacker to access sensitive files...

PT-2026-47797

📣 ADVISORY: Researcher Trung Nguyen from @CyStackSecurity discovered Zip Slip vulnerability in EMQX MQTT Broker CVE-2026-44725, High - enabling arbitrary file write on the system via plugin installation mechanism. Details: https://t.co/iN6SWM48ig EMQX IoT Vulnerability https://t.co/DcfVVoz0qQ...

Apptha Mac Photo Gallery 路径遍历漏洞

Apptha Mac Photo Gallery is a PHP-based website image display system developed by Apptha Corporation. Version 3.0 of Apptha Mac Photo Gallery has a path traversal vulnerability. This vulnerability stems from improper handling of the albid parameter, allowing unauthenticated attackers to download...

Apptha Slider Gallery 路径遍历漏洞

Apptha Slider Gallery is a website image carousel and gallery display plugin provided by Apptha Corporation. Version 1.0 of Apptha Slider Gallery contains a path traversal vulnerability. This vulnerability stems from improper handling of the imgname parameter, which may allow unauthenticated...

Adobe ColdFusion 输入验证错误漏洞

Adobe ColdFusion is a rapid application development platform provided by Adobe Inc. This platform includes an integrated development environment and a scripting language. Versions of Adobe ColdFusion such as 2023.19, 2025.8, and earlier have code vulnerabilities. These vulnerabilities stem from...

📄 Python-Multipart Path Traversal / Arbitrary File Write

Proof of concept that leverages a path traversal vulnerability in Python-Multipart versions prior to 0.0.22 to achieve an arbitrary file write. ================================================================================================================================== | Title :...

Dell/Alienware Purchased Apps 后置链接漏洞

Dell/Alienware Purchased Apps is a pre-installed software management tool developed by the American company Dell. Versions of Dell/Alienware Purchased Apps prior to 1.1.32.0 contained a backlink vulnerability. This vulnerability stemmed from improper link resolution before file access, which coul...

Adobe Dreamweaver Desktop 输入验证错误漏洞

Adobe Dreamweaver Desktop is a web design and development software provided by Adobe, a company based in America. Versions of Adobe Dreamweaver Desktop starting from 21.7 and earlier have a vulnerability related to input validation. This vulnerability arises due to improper input validation, whic...

FreeBSD -- Arbitrary file overwrite via the KTLS receive path

Problem Description: The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile2, which can reference file-backed memory directly through non-anonymous...